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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 
Applicant : Laurent Gauche 
Filed : Herewith 

For : CONDITIONAL ACCESS SYSTEM DECODER AND 

ENTITLEMENT MANAGEMENT METHOD IN SAME 

PRELIMINARY AMENDMENT 



Hon. Commissioner of Patents and Trademarks 
Box PCT 

Washington, D.C. 20231 
Sir: 



In the US national phase application of PCT/FR99/02174 filed 
herewith, please enter the following amendments: 

nSl THE TITLE : 



Please amend the title of the application to read "CONDITIONAL 
ACCESS SYSTEM DECODER AND ENTITLEMENT MANAGEMENT METHOD 
IN SAME". 



IN THE SPECIFICATION: 



Please amend the specification as follows: 



On Page 1, lines 1-2, delete "CONDITIONAL ACCESS SYSTEM 
DECODER AND METHOD OF LOADING USER ENTITLEMENTS INTO SUCH 
A DECODER" and insert - CONDITIONAL ACCESS SYSTEM DECODER AND 
ENTITLEMENT MANAGEMENT METHOD IN SAME -. 



On Page 1, following the title, insert: 



~ This application claims the benefit under 35 U.S.C. § 365 of 
International Application PCT/FR99/02174, filed September 13, 1999, which was 
published in accordance with PCT Article 21(2) on March 23, 2000 in French, and 
which claims the benefit of French Patent Appln No. 981 1327, filed September 11, 
1998.- 
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Page 8, line 23, after "module" insert ~ 102 --; 
Page 10, line 12, delete "pilot" and insert ~ buffer management ~; 
Page 12, line 21, delete "pilot" and insert ~ buffer management -, and 
line 38, delete "pilot" and insert ~ buffer management — . 

IN THE CLAIMS: 

Please amend the claims as follows: 

1. (AMENDED) Conditional access system decoder [(9)] comprising: 

at least one device [(12)] intended to read and/or to write data from/to a 
detachable security element [(10)] supplied by a service provider; 

filters [(11)] intended to select at least one message [(EMM)] for managing 
entitlements which a user possesses with regard to a service supplied by said provider 
from among a data stream [(TS)] received; 
[characterized in that] wherein it comprises: 

means for selecting an entitlement management message [(EMM)] intended 
for a detachable security element when said security element is not inserted in the 
decoder; and 

means [(14)] for storing said entitlement management message. 

2. (AMENDED) Decoder according to Claim 1, furthermore comprising: 
an access control module [(CA)] capable of: 

a) receiving an identification parameter [(AD)] contained in a security element 
[(10)] inserted into said decoder; 

b) installing a filter configuration [(CI, C2)] as a function of the identification 
parameter [(AD)] received in such a way as to select an entitlement management 
message [(EMM)] intended for said inserted security element [(10)]; and 

c) transmitting said message [(EMM)] to said inserted security element; 
[characterized in that] wherein it comprises: 

a module for storing entitlements [(MD)] capable of: 

i) storing said configuration of filters [(C 1 , C2)] which is installed by the access 
control module [(CA)]; 

ii) reinstalling, following the erasure of the configuration of filters consequent 
upon the removal of said security element, the stored configuration of filters which is 
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appropriate to said security element, in such a way as to select an entitlement 
management message [(EMM)] intended for said security element when the latter is 
removed; and 

iii) storing said message [(EMM)] in a memory [(14)] of said decoder. 

3. (AMENDED) Decoder according to Claim 2, in which the module for storing 
entitlements [(MD)] is furthermore capable of: 

iv) detecting the insertion of a security element into said decoder; 

v) verifying whether an entitlement management message [(EMM)] intended for 
said inserted security element is stored in the memory [(14)] of the decoder; and 

vi) should verification be positive, transmitting said stored message [(EMM)] to 
said inserted security element. 

4. (AMENDED) Decoder according to Claim 3, in which the module for storing 
entitlements [(MD)] detects the insertion of a security element [(10)] into the decoder 
by recording any new installing of configuration of filters by the access control 
module [(CA)]. 

5. (AMENDED) Decoder according to [one of Claims 1 to 4] Claim 1 , in which the 
detachable security element [(10)] is a smart card. 

6. (AMENDED) Decoder according to Claim 5, in which the identification parameter 
[(AD)] contained in the security element is the address of the smart card. 

7. (AMENDED) Method of processing a message [(EMM)] for managing entitlements 
which a user possesses with regard to a service, said method comprising the steps 
consisting in: 

inserting a detachable security element [(10)] into a decoder [(9)]; 
recovering [(A3, A4)] fi-om said security element an identification parameter 
[(AD)]; 

installing [(A5)] a configuration of filter of the decoder as a function of said 
identification parameter [(AD)] in such a way as to select an entitlement management 
message [(EMM)] intended for said inserted security element; 
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transmitting [(A6-A10)] said message [(EMM)] to said inserted security 
element, [characterized in that] wherein the step of instalUng the configuration of 
filter which is appropriate to said security element is followed by a step of storing 
[(Bl, Bla)] said configuration and in that, when said security element [(10)] is 
removed from the decoder, causing the erasure [(C2)] of said configuration of filters, 
the configuration of filters which is appropriate to the removed security element is 
reinstalled [(D2)] on the basis of the configuration stored during the storage step in 
such a way as to select an entitlement management message [(EMM)] intended for 
said removed security element. 

8. (AMENDED) Method according to Claim 7, [characterized in that] wherein it 
comprises an additional step [(D3, D3a)] consisting in storing in a memory [(14)] of 
the decoder said entitlement management message [(EMM)] intended for said 
removed security element when such a message is selected. 

9. (AMENDED) Method according to Claim 8, [characterized in that] wherein it 
furthermore comprises the steps consisting in: 

reinserting said security element [(10)] into the decoder; 

verifying whether an entitlement management message [(EMM)] intended for 
said inserted security element is stored in the memory [(14)] of the decoder; and 

should verification be positive, transferring the stored message [(EMM)] to 
said inserted sectirity element. 

IN THE ABSTRACT: 

Please add the following Abstract. 

— The decoder comprises an access control module capable of 
recovering on a smart card inserted into the decoder an identification parameter of the 
card and of installing a configuration of filter making it possible to select, in the data 
stream received by the decoder, the entitlement management messages intended for 
the inserted smart card. It furthermore comprises a module for storing entitlements 
which is capable of storing the configuration installed by the module and of 
reinstalling this configuration of filter when the latter configuration is erased, 
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following the removal of the smart card. The messages intended for the smart card 
may therefore be selected and stored, even when the card is no longer in the 
decoder. — 



The title has been amended to conform with the translated title of the 
pubhshed application (WO 00/16557). 

The specification has been amended to include a reference to the 
priority applications. 

The above amendments to the claims have been made to eliminate the 
multiple dependencies, reference indicia and to meet the requirements of the United 
States. 

To meet the requirements of the United States, the Abstract (as 
originally filed in the PCT application) is added. 

No fee is believed to have been incurred by virtue of this amendment. 
However if a fee is incurred on the basis of this amendment, please charge such fee 
against deposit accoimt 07-0832 



THOMSON multimedia Licensing Inc. 

Patent Operation 

PO Box 5312 

Princeton, NJ 08543-5312 

March 6, 2001 



REMARKS 




Respectfiilly submitted, 
Laurent Gauche . 



Registration No. 39,371 
609/734-9875 
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CONDITIONAL ACCESS SYSTEM DECODER AND METHOD OF LOADING 
USER ENTITLEMENTS INTO SUCH A DECODER 



The present invention relates to a conditional 
5 access system decoder and, more particularly, to a 
method of loading entitlements which a user can acquire 
so as to access a distributed service within a 
conditional access system. 

A conditional access system allows a service 

10 provider to supply its services solely to users having 
acquired entitlements with regard to these services. 
Such is the case, for example, in pay-per-view 
television systems. 

As is known to the person skilled in the art, 

15 the service supplied by a service provider consists of 
an item of information scrambled by control words. To 
descrarable the itemi, the service provider supplies each 
user with the control words which served for scrambling 
the item. To keep the control words secret, they are 

20 supplied after having been enciphered with an algorithm 
with key K. The various enciphered control words are 
sent to the various users in control messages commonly 
denoted ECM (the abbreviation ECM standing for 
^^Entitlement Control Message"). The control words are 

25 deciphered in a secure processor contained in a 
security element such as, for example, a smart card. 

The scramJDled item can be descramlDled, and 
therefore read by a user, only with regard to the 
entitlements allocated to this user. Each user's 

30 entitlements are sent in entitlement mtanagement 
miessages commonly denoted EMM (the abbreviation EMM 
arising from "Entitlement Management Message"). The 
secure processor makes it possible to validate and to 
record the entitlements which rhe user has with regard 

35 to the service delivered. 

According to a known exemplary embodiment of a 
conditional access system, the service provider 
supplies each user with a smart card and a decoder. The 
selecting of the EMM messages is performed by 



installing an appropriate configuration of filters 
contained in the decoder. This configuration is 
installed on the basis of the reading, by circuits of 
the decoder^ of data contained in the smart card. For 
this purpose, the user is required to introduce the 
sm.art card into the decoder. 

When the EMM messages which correspond to the 
smart card are present in the signal received by the 
decoder, they are selected with the aid of the filters 
and transferred to the smart card where the 
corresponding entitlements are updated and stored. 

The EMM messages are issued, in an asynchronous 
manner, before rhe issuing of the scrambled service to 
which they correspond. The user entitlements are thus, 
for example, very often issued at the least busy times 
of the night. Furthermore, the user entitlements are 
required to be frequently renewed without the user 
being aware thereof. 

It follows that a user who wishes to be able to 
make regular use of the services of a provider is 
practically compelled to leave the smart card, which 
the provider supplied him with, permanently in the 
decoder so that the transferring of the EMM messages 
from the decoder to the smart card can be performed at 
The earliest opportunity. 

A user who is a subscriber to several service 
providers possesses as many smart cards as he has 
subscriptions. In the case where the various service 
providers share the sam^e decoder, it is possible to 
envisage the provision of several different smart card 
readers on the samie decoder but in this case, this 
appreciably increases the price of the decoder. In the 
mtore probable case in which the user possesses more 
smart cards than card readers available on his decoder, 
it is then almost impossible, for the user, to 
correctly manage his pool of smart cards so as to 
acquire at the earliest opportunity all the 
entitlements zo which he may have a right. 
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The invention aims to solve the aforesaid 
problems . 

To this end it relates to a conditional access 
system decoder comprising: 
5 - at least one device intended to read and/or 

to write data from/to a detachable security element 
supplied by a service provider; 

- filters intended to select at least one 
message for managing entitlements which a user 

10 possesses with regard to a service supplied by the 
provider from among a data stream received; and 

- an access control module which is capable of 
receiving an identification parameter contained in a 
security element inserted into the decoder; installing 

15 a filter configuration as a function of the 
identification parameter received in such a way as to 
select an enritlement managemient message intended for 
this inserted security element; and transmitting said 
m.essage to said inserted security element. 

20 According to the invention, the decoder 

furtherm.ore comprises a module for storing entitlements 
which is capable of storing the configuration of 
filters which is installed by the abovem.entioned access 
control module; reinstalling, following the erasure of 

25 the configuration of filters consequent upon the 
removal of the security element, the stored 
configuration of filters which is appropriate to said 
security element, in such a way as to select 
entitlement management message intended for said 

30 security elemient when the latter is removed; and 
storing said message in a memory of the decoder. 

According to another aspect of the invention, 
the module for storing entitlements of the decoder is 
furthermore capable of detecting the insertion of a 

35 security element into the decoder; verifying whether an 
entitlement management message intended for said 
inserted security element is stored in the memory of 
the decoder; and should verification be positive, 



transferring said stored message to said inserted 
security element. 

According to a preferred embodiment of the 
invention, the module for storing entitlements detects 
5 the insertion of a security element into the decoder by 
recording any new installing of configuration of 
filters by the access control module. 

The invention also relates to a method of 
processing a message for managing entitlements which a 
10 user possesses with regard to a service, said method 
comprising the steps consisting in: 

- inserting a detachable security element into 
a decoder; 

- recovering from said security element an 
15 identification parameter; 

- installing a configuration of filter of the 
decoder as a function of said identification parameter 
in such a way as to select an entitlement management 
message intended for said inserted security element; 

20 - transmitting said message to said inserted 

security element. 

According to the invention, the step of 
installing the configuration of filter which is 
appropriate to said security element is followed by a 

25 step of storing said configuration and, when said 
security element is removed from the decoder, causing 
the erasure of said configuration of filters, the 
configuration of filters which is appropriate to the 
removed security element is reinstalled on the basis of 

30 the configuration stored during the storage step in 
such a way as to select an entitlement management 
message intended for said removed security element. 

According to a preferred aspect of the 
invention, the method comprises an additional step 

35 consisting in storing in a memory of the decoder the 
entitlement management message intended for the removed 
security element when such a message is selected. 
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According to another aspect of the invention, 
the method furthermore comprises the steps consisting 

in : 

- reinserting said security element into the 

5 decoder; 

- verifying whether an entitlement m^anagement 
message intended for said inserted security element is 
stored in the mem.ory of the decoder; and 

- should verification be positive, transferring 
10 said stored message to said inserted security element. 

An advantage of the invention is that it allows 
the acquisition of user entitlements without the 
security element, which contains the data for 
installing the configuration of filters allowing the 

15 acquisition of these entitlements, being present in the 
decoder at the moment of acquisition. 

Other characteristics and advantages of the 
invention will become apparent from reading a 
particular, non-limiting, embodiment of the invention 

2 0 given with reference to Figures 1 to 4, among which: 

- Figure 1 represents a decoder furnished with 
a security elem^ent according to the invention; 

- Figure 2 diagrammatically represents a data 
packet transporting a user entitlement management 

25 message; 

- Figure 3 diagrammatically represents the 
various events and the various transfers of data 
involved during the m.ethod of processing the user 
entitlement management messages according to the 

30 invention; 

- Figures 4a to 4e illustrate various steps of 
the method according to the invention. 

In all the figures, the same references denote 
the sam.e elem.ents. 
35 Figure 1 represents a conditional access system 

decoder allowing a user with whom it is set up to 
receive services, such as televised programs, in the 
form of a digital information stream coded for example 
according to the MPEG2 standard (ISO/IEC 13818-1) . 



Only the elements required for the 
understanding of the invention have been represented in 
Figure 1. 

The decoder comprises in a manner known per se 
a tuner/demodulator 17 which receives a signal S, 
emanating from a satellite antenna or from a cable 
network, and which outputs a digital data stream, 
transmitted in the form of packets, and referred to as 
the TS (standing for "Transport Stream") in the 
aforesaid MPEG 2 standard, and containing the services 
supplied by providers. 

The services being transmitted in scrambled 
form., each service provider also supplies the user with 
a smart card 10 which contains secret elements miaking 
it possible to descramble the services. 

This smart card 10 is intended to be inserted 
into a sm.art card reader of the decoder, only the 
interface 12 with a microcontroller 16 in which the 
various applications of the decoder are executed having 
been represented. 

The decoder also comprises a memory 14 which 
the microcontroller 16 can access in read or write 
mode . 

Finally, the decoder comprises a component 20 
referred to as a demultiplexer which receives the data 
stream TS so as to extract therefrom the video or audio 
data packets corresponding to a service which the user 
wishes to display or so as to extract therefrom data 
packets containing so-called "service" information, 
such as user entitlem.ent management messages EMM. 

The demultiplexer 20 is composed of filters 11 
and of a buffer mtemory 18, generally referred to as a 
"buffer" . 

The filters are formied, as is known to the 
person skilled in the art, of assemblies of com.parators 
receiving on the one hand the data stream TS and on the 
other hand a reference value making it possible to 
identify the data packets to be extracted. When data 
packets are extracted from the stream TS, they are 



stored in the buffer 18 before being used by the 
various applications of the decoder which are executed 
in the microcontroller 16, 

Represented in Figure 2 is a data packet 
containing a user entitlement management message EMM. 
Like any data packet transported in the TS stream, it 
comprises an identifier: the PID (standing for "Packet 
IDentif ier" ) , followed by so-called "private" data. 
Indeed, all the data relating to access control are 
specific to the service provider and are not defined in 
the transport standard for the data packets. 

The private data include the EMM message 
proper. This message is composed of three elements: 

- a first element AD containing the address of 
the smart card for which the EMM message is intendeds- 
it can also entail an address corresponding to a group 
of smart cards for which the EMM message is intended; 

- a second element containing the user's 
entitlements (subscription, tokens per impulse 
purchasing of programs, etc) ; and 

- a third element SIGN making it possible to 
validate the contents of the EMM message which will not 
be described hereinbelow. 

When an EMM m.essage intended for the smart card 
10 which is inserted into the decoder has to be 
extracted from, the data stream TS, it is therefore 
necessary to configure a filter by supplying it with, 
as reference value, the PID of the data packets 
transporting the EMM messages and the address of the 
smart card which is in the decoder. 

In what follows, a filter configuration will be 
said to be "installed" or "set up", meaning that the 
aforesaid parameters (PID, smart card address) are 
transmitted to a filter, making it possible to select 
an EMM message intended for a given smart card. 

We shall now describe in greater detail, in 
conjunction with Figures 3 and 4, the mechanism for 
recovering the EMM messages intended for a given smart 
card from the TS stream received. 
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In Figure 3 we have represented in the form of 
rectangles the various resources, shared by all the 
applications of the decoder, which are useful for an 
understanding of the invention. These shared resources 
5 comprise: 

- filters 111, which correspond to the filters 
11 of Figure 1 ; 

- a smart card reader module 112 which 
comprises both a hardware part (the circuit for 

10 reading/writing on the chip - or integrated circuit - 
of the card) and a software part making it possible to 
communicate with the other applications of the decoder; 

- a so-called signalling tables recovery module 
101 which is a piece of software capable of extracting 

15 from the TS stream tables containing information about 
the structure and the positioning of the data packets 
in the TS stream. In particular, this module is capable 
of extracting a table referred to as CAT (standing for 
"Conditional Access Table") in the aforesaid MPEG 2 

20 standard and which contains, among other things, the 
PIDs identifying the data packets containing the EMM 
messages ; 

- a buffers management module which is a piece 
of low-level software responsible for allocating and 

25 manipulating the buffers used for the storage of the 

packets which are extracted from the data stream TS by 

the filters 111. 

The various resources just described are used 

by applications (software) which are represented by 
30 circles in Figure 3. Finally, in Figure 3 the data 

streams are represented by continuous arrows and the 

events are represented by dashed arrows. 

In what follov/s we shall be interested solely 

in applications which are useful in the loading of user 
35 entitlements within the framework of the invention. 

The first application, the CA module is a piece 

of software specific to a service provider and which 

implements this provider's conditional access system. 

Specifically, it is very rare for two different service 
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providers to use the same conditional access system. In 
general, the CA module is therefore a piece of secret 
software, which is known only to the service provider. 
The manufacturer of the decoder receives it in the form 
5 of "object code" (incomprehensible compiled software - 
as opposed to the "source code" - and which cannot be 
m.odified as is) so as to be built into the decoder. 

The second application, referred to as the MD 
entitlements storage module, is, according to the 

10 invention, an application module which is independent 
of the CA module with which it does not communicate 
directly. The role of this MD module is, as will be 
seen hereinbelow, to "spy" on the filter configurations 
installed by the CA module so as to be capable later of 

15 receiving EMM messages intended for a smart card which 
has been extracted from the decoder in place of the CA 
module . 

We shall now describe more precisely the 
various steps leading to the loading of the user's 

20 entitlements onto his sm.art card. 

When the user of the decoder selects a 
particular service, for example a televised channel, 
the signalling tables recovery module 101 recovers the 
CAT table described hereinabove and the CA module 

25 recovers from this table (step Al, Fig. 3) the PID 
identifying the data packets in which the EMM messages 
for the provider supplying the selected service are 
transmitted. The PID is then stored by the CA module in 
the memory 14 of the decoder ("PID STORAGE" step Ala) . 

30 If we assume thar a smart card No. 1 is 

inserted into the decoder, then the card reader module 
112 generates a "CARD INSERTED" event at step A2 . On 
receipt of this event, the CA module generates a "READ 
ADDRESS" event in step A3 and obtains, in response from 

35 the card reader module 112, the address of the smart 
card in step A4 . 

With the aid of this address and of the stored 
PID, the CA module can install a configuration of 
filters CI so as to select the EMM messages intended 
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for smart card No. 1 (step A5 "SET UP CONFIG."). 

Referring now to Figure 4a, represented therein 
is the assembly 111 of filters Fl to Fn available for 
the various applications of the decoder. It is assumed 
5 that the filter Fl is allocated to another application, 
it is therefore represented hatched in Figure 4a. The 
first filter available is filter F2 . The latter is 
allocated to the CA module which therefore installs the 
configuration CI into F2 . 

10 Returning to Figure 3, it is now assumed that a 

packet containing an EMM message has been selected by 
filter F2 which transmits it (step A6) to the pilot 
nodule 102, which generates an "EMM RECEIVED" event for 
the attention of the CA module (step A7) which responds 

15 with a "READ EMM" event (step A8 ) before receiving the 
corresponding EMM message (step A9) . Finally, the CA 
module transmits the EMM m^essage to the card reader 
m.odule 112 (step AlO) so that the latter transfers it 
to smart card No. 1 for processing (updating of the 

20 user's entitlements stored in the card). Steps A6 to 
AlO are repeated as many times as EMM messages intended 
for smart card No. 1 are received by the filter F2 . 

Now considering the MD module of the invention, 
the latter continuously monitors the configurations of 

25 filters which are installed by the CA module and, as 
soon as a new configuration is set up, as in the 
aforesaid step A5, the MD module recovers this 
configuration (step Bl) and stores it ("CONFIG. 
STORAGE" step Bla) . Figure 4a depicts the end of this 

30 last step and it is noted that the configuration CI 
installed by the CA module has been stored by the MD 
module (see "MD STORAGE" array, "CONFIG." column). 

Let us now assume that the user removes smart 
card No. 1. A "CARD REMOVED" event is then generated by 

35 the card reader module 112 (step CI) . On receipt of 
this event, the CA module erases the filter 
configuration CI corresponding to the remioved card 
(step C2) . The filter F2 is therefore freed 
( Figure 4b) . 
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The MD module v;hich monitors the filters 111 
then receives a "CONFIGURATION ERASED" event (step Dl) 
and immediately reinstalls (step D2) the said 
configuration CI which had been stored in the previous 
5 step Bla. Thus, represented in Figure 4b is the state 
of the filters at the conclusion of this step D2 : 
filter Fl is still allocated to another application of 
the decoder; filter F2 has been freed by the CA module 
and filter Fi has been allocated to the MD module so as 

10 to install the configuration CI. 

It will be noted in what follows that when a 
filter is allocated to the CA module, it is represented 
in Figures 4a to 4e by a continuous bold rectangle, 
whereas when a filter is allocated to the MD module it 

15 is represented by a dashed bold rectangle. 

By virtue of the MD module of the invention, 
the EMM messages intended for smart card No. 1 can 
therefore still be selected from the data stream TS by 
filter Fi despite the absence of the said card from the 

20 decoder. When such an E^!M message intended for card 
No. 1 is selected, it is transmitted to the MD module 
(step D3) so as to be stored in a memory of the decoder 
("EMM STORAGE" step D3a) . Advantageously, the EMM 
messages are stored in a temporary buffer memory area 

25 of the memory 14 of the decoder. 

Referring to Figure 4c, it is assumed that a 
smart card No. 2 is inserted into the decoder. The 
filter F2 is therefore allocated to the CA module so as 
to install a configuration C2 making it possible to 

30 select EMM messages intended for card No. 2. This 
configuration C2 is imjnediately stored by the MD module 
(see "MD STORAGE" array, "CONFIG." column). In 
parallel, the filter Fi remains allocated to the MD 
module with the configuration CI so as to recover the 

35 EMM messages intended for smart card No. 1 which has 
been extracted. It is assumed that at the end of this 
step, a message EMMl intended for card No. 1 has been 
stored by the MD module (see "EMM" column of the "MD 
STORAGE" array) . 
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In Figure 4d it is assumed that the card No. 2 
has been extracted, filter F2 is therefore again freed 
and filter Fl which was free has been allocated to the 
KD module so as to install the configuration C2 stored 
5 previously. As far as filter Fi is concerned, it still 
remains allocated to the MD module with the 
configuration CI. 

Let us now assume that the user reinserts his 
sr.art card No. 1 into the decoder. Steps A2 to A5 

10 described previously are then executed and a filter, 
for example the filter F2 (Figure 4e) , is allocated to 
the CA module with the configuration CI. The MD module, 
which continuously m.onitors the filter configurations 
installed by the CA module, receives this configuration 

15 CI (step El) and compares it with those already stored 
(CI, C2}. As this configuration CI is already stored, 
tne MD module then verifies whether EMM messages 
intended for the corresponding smart card No. 1 are 
scored and it finds the message EMMl . 

20 The message EMMl is then transmitted to the 

pilot m.odule 102 (step E2) as if it had reached filters 
111 directly (as during step A6) . Steps A7 to AID are 
rhen replayed and everything happens, from the point of 
view of the CA m.odule, as if the message EMMl received 

25 had just been selected by filter F2 from the data 
stream TS. 

Thus, by virtue of the invention, the updating 
of the user's entitlements for card No. 1 is done even 
if the new entitlements have been received while the 

30 card was not inserted in the decoder. Furtherm.ore, an 
important advantage of the MD module of the invention 
is that it intervenes in the various resources of the 
decoder without ever interacting directly with the CA 
module. The software of the CA module therefore does 

35 not need to be modified with respect to the prior art 
decoders . 

When the message EMMl is transmitted to the 
pilot module 102 by the MD miodule, the latter 
simultaneously frees the memory space reserved for 
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storing the message EMMl (see "EMM" column of the "MD 
STORAGE" array. Fig. 4e) . Figure 4e furthermore depicts 
the filter Fl which is allocated to the MD module with 
the configuration C2 and it is assumed that a message 
5 EMM2 intended for smart card No. 2 has been received 
and stored (see "EMM" column of the aforesaid array) . 

As far as the strategy for freeing the filters 
is concerned, this depends on the implementation chosen 
by rhe developer of the decoder. For example, it is 
10 possible as in Figure 4e to choose to free the filter 
Fi (which was previously allocated to the MD module 
with the configuration CI) as soon as another filter 
(here F2) is allocated with the same configuration as 
Fl . 

15 The description of the preferred embodiment of 

the invention has been given using the example of the 
MPEG 2 digital data packet transport standard but the 
invention naturally applies within the framework of any 
other data transport standard. 



20 
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CLAIMS 

1. Conditional access system decoder (9) 

comprising : 

5 - at least one device (12) intended to read and/or 
to write data from/to a detachable security element 
(10) supplied by a service provider; 

filters (11) intended to select at least one 
ir.essage (EMM) for managing entitlements which a user 
10 possesses with regard to a service supplied by the said 
provider from among a data stream (TS) received; 
an access control module (CA) capable of: 

a) receiving an identification parameter (AD) 
contained in a security element (10) inserted into the 

15 said decoder; 

b) installing a filter configuration (CI, C2) as a 
fancrion of the identification parameter (AD) received 
in such a way as to select an entitlement management 
message (EMM) intended for the said inserted security 

20 element (10); and 

c) transm.itting the said message (EMM) to the said 
inserted security element; 

characterized in that it furthermore comprises: 

a module for storing entitlements (MD) capable of: 
25 i) storing said configuration of filters (CI, C2) 
which is installed by the access control module (CA) ; 

ii) reinstalling, following the erasure of the 
configuration of filters consequent upon the removal of 
the said security element, the stored configuration of 

30 filters which is appropriate to the said security 
element, in such a way as to select an entitlement 
management message (EMM) intended for the said security 
element when the latter is removed; and 

iii) storing the said message (EMM) in a memory (14) of 
35 the said decoder. 

2. Decoder according to Claim 1, in which the 

module for storing entitlements (MD) is furthermore 

capable of: 



iv) detecting the insertion of a security element into 
said decoder; 

V) verifying whether an entitlement management 
message (EM^5) intended for said inserted security 
5 element is stored in the memory (14) of the decoder; 

and 

vi) should verification be positive, transmitting said 
stored message {EMM) to said inserted security element. 

3. Decoder according to Claim. 2, in which the 
10 module for storing entitlements (MD) detects the 

insertion of a security element (10) into the decoder 
by recording any new installing of configuration of 
filters by the access control module (CA) . 

4. Decoder according to one of Claims 1 to 3, in 
15 which the detachable security element (10) is a smart 

card. 

5. Decoder according to Claim 4, in which the 
identification parameter (AD) contained in the security 
element is the address of the smart card. 

20 6. Method of processing a message (EMM) for 

managing entitlements which a user possesses with 
regard to a service, said method comprising the steps 
consisting in: 

inserting a detachable security element (10) into 

25 a decoder (9); 

recovering (A3, A4 ) from said security element an 
identification param.eter (AD) ; 

installing (A5) a configuration of filter of the 
decoder as a function of said identification param.eter 

30 (AD) in such a way as to select an entitlement 
management message (EMM) intended for said inserted 
security elem.ent; 

transmitting (A6-A10) said message (EMM) to said 
inserted security element, 

35 characterized in that the step of installing the 
configuration of filter which is appropriate to said 
security element is followed by a step of storing (Bl, 
Bla) said configuration and in that, when said security 
element (10) is removed from the decoder, causing the 
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erasure {C2) of said configuration of filters, the 
configuration of filters which is appropriate to the 
removed security element is reinstalled (D2) on the 
basis of the configuration stored during the storage 
5 step in such a way as to select an entitlement 
management message (EMM) intended for said removed 
security element. 

7. Method according to Claim 4, characterized in 
that it comprises an additional step (D3, D3a) 

10 consisting in storing in a memory (14) of the decoder 
said entitlement management message (EMM) intended for 
said removed security element when such a message is 
selected. 

8. Method according to Claim 5, characterized in 
15 that it furthermore comprises the steps consisting in: 

reinserting said security element (10) into t-he 
decoder; 

verifying whether an entitlement management 
message (EMM) intended for said inserted security 
20 element is stored in the mem.ory (14) of the decoder; 

and 

should verification be positive, transferring said 
stored m.essage (EMM) to said inserted security element. 
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ABSTRACT 

CONDITIONAL ACCESS SYSTEM DECODER AND METHOD OF LOADING 
USER ENTITLEMENTS INTO SUCH A DECODER 

5 

The decoder comprises an access control module 
(CA) capable of recovering on a smart card inserted 
into the decoder an identification parameter (AD) of 
the card and of installing a configuration of filter 

10 making it possible to select, in the data stream 
received by the decoder, the entitlement management 
messages (EMM) intended for the inserted smart card. 

It furthermore comprises a m^odule for storing 
entitlements (MD) which is capable of storing the 

15 configuration installed by the module (CA) and of 
reinstalling this configuration of filter when the 
latter configuration is erased, following the removal 
of the smart card. The messages (EMM) intended for the 
sm.art card may therefore be selected and stored, even 

20 when the card is no longer in the decoder. 
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